Allow hbx_tier3 admins to edit user (#2735)

* Bug 107413 (#2733) * adds consumer override policy * adds specs * adds change user name and email permissions to hbx_tier3 users * adds specs --------- Co-authored-by: Sri Harsha <sriharsha.poosa@gmail.com>
health-connector · Aug 6, 2024 · ce401a3 · ce401a3
1 parent 2ee356a
commit ce401a3
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 8 deletions.
diff --git a/app/data_migrations/define_permissions.rb b/app/data_migrations/define_permissions.rb
@@ -41,7 +41,7 @@ def initial_hbx
       .update_attributes!(modify_family: true, modify_employer: true, revert_application: true, list_enrollments: true,
                           send_broker_agency_message: true, approve_broker: true, approve_ga: true, can_update_ssn: false, can_complete_resident_application: false,
                           can_add_sep: false, can_lock_unlock: true, can_view_username_and_email: true, can_reset_password: false, modify_admin_tabs: true,
-                          view_admin_tabs: true,  view_the_configuration_tab: true, can_submit_time_travel_request: false)
+                          view_admin_tabs: true,  view_the_configuration_tab: true, can_submit_time_travel_request: false, can_change_username_and_email: true)
     Permission
       .find_or_initialize_by(name: 'super_admin')
       .update_attributes!(modify_family: true, modify_employer: true, revert_application: true, list_enrollments: true,
@@ -177,6 +177,7 @@ def hbx_admin_can_update_enrollment_end_date_or_reinstate
 
   def hbx_admin_can_change_username_and_email
     Permission.super_admin.update_attributes!(can_change_username_and_email: true)
+    Permission.hbx_tier3.update_attributes!(can_change_username_and_email: true)
   end
 
   def hbx_admin_view_login_history

diff --git a/spec/data_migrations/permissions_spec.rb b/spec/data_migrations/permissions_spec.rb
@@ -41,17 +41,33 @@
     end
 
     context 'update can change username and email for super admin hbx staff role', dbclean: :before_each do
-      let(:given_task_name) {':hbx_admin_can_change_username_and_email'}
-      let(:person) { FactoryBot.create(:person) }
-      let(:permission) { FactoryBot.create(:permission, :super_admin) }
-      let(:role) { FactoryBot.create(:hbx_staff_role, person: person, subrole: "super_admin", permission_id: permission.id) }
 
       before do
         subject.hbx_admin_can_change_username_and_email
       end
 
-      it "updates hbx_admin_can_change_username_and_email to true" do
-        expect(permission.reload.can_change_username_and_email).to be true
+      context "of an hbx super admin" do
+        let(:hbx_super_admin) do
+          FactoryBot.create(:person).tap do |person|
+            FactoryBot.create(:hbx_staff_role, person: person, subrole: "super_admin", permission_id: Permission.super_admin.id)
+          end
+        end
+
+        it 'returns true' do
+          expect(hbx_super_admin.hbx_staff_role.permission.can_change_username_and_email).to be true
+        end
+      end
+
+      context "of an hbx tier3" do
+        let(:hbx_tier3) do
+          FactoryBot.create(:person).tap do |person|
+            FactoryBot.create(:hbx_staff_role, person: person, subrole: "hbx_tier3", permission_id: Permission.hbx_tier3.id)
+          end
+        end
+
+        it 'returns true' do
+          expect(hbx_tier3.hbx_staff_role.permission.can_change_username_and_email).to be true
+        end
       end
     end
 
@@ -1194,4 +1210,4 @@
       expect(Person.all.to_a.map{|p| p.hbx_staff_role.subrole}).to match_array roles
     end
   end
-end
+end